Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pillow
(Python)| Repositories |
• https://github.com/python-pillow/Pillow
• https://github.com/python-imaging/Pillow |
| #Vulnerabilities | 52 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-03 | CVE-2020-5312 | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 9.8 | ||
| 2020-01-03 | CVE-2020-5313 | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 7.1 | ||
| 2021-01-12 | CVE-2020-35653 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | Debian_linux, Fedora, Pillow | 7.1 | ||
| 2021-01-12 | CVE-2020-35654 | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | Fedora, Pillow | 8.8 | ||
| 2021-01-12 | CVE-2020-35655 | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | Fedora, Pillow | 5.4 | ||
| 2021-03-03 | CVE-2021-27921 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | Fedora, Pillow | 7.5 | ||
| 2021-03-03 | CVE-2021-27922 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | Fedora, Pillow | 7.5 | ||
| 2021-03-03 | CVE-2021-27923 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | Fedora, Pillow | 7.5 | ||
| 2021-03-19 | CVE-2021-25289 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | Pillow | 9.8 | ||
| 2021-03-19 | CVE-2021-25290 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | Debian_linux, Pillow | 7.5 |